# -*- mode: org; fill-column: 80; -*-
#+TITLE: SSH Troubleshooting
#+AUTHOR: Zelphir Kaltstahl
#+STARTUP: content indent align inlineimages entitiesplain nologdone nologreschedule nologredeadline nologrefile
#+TODO: TODO WIP | DONE
#+DATE: <2021-07-05 Mon>
#+LANGUAGE: English
#+PRIORITIES: A C C
#+KEYWORDS: ssh debug guide troubleshoot

* Connecting to remote

Connect with =-vvv= to get the most verbose debug output from the client. For example, restricting the attempt to public key authentication:

#+begin_src shell
ssh -vvv -o PreferredAuthentications=publickey user@host
#+end_src

Checking whether the SSH port is reachable at all can help find the issue:

#+begin_src shell
telnet someotherserver 22
#+end_src

Or inspect the packets with tcpdump:

#+begin_src shell
tcpdump -i any  "not host [mylocalip] and not localhost and not ip and not arp"
#+end_src

* Permissions

** Home directory of user

#+begin_src shell
chmod 755 /home/username
#+end_src

** SSH directory itself

#+begin_src shell
chmod 700 ~/.ssh/
chmod 600 ~/.ssh/*
chmod 644 ~/.ssh/authorized_keys
#+end_src

* Ownership

** Home directory of user

#+begin_src shell
sudo chown --recursive yourusername:yourusername /home/yourusername/
sudo chmod --recursive o-rwx /home/yourusername/
#+end_src

Or the same with the account name in a variable:

#+begin_src shell
user=yourusername  # account whose home directory is being fixed
chown --recursive "$user:$user" "/home/$user"
#+end_src
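
The checks from the Permissions and Ownership sections combined into one audit script. This is an added example, not part of the original guide: the function names are made up, it assumes GNU =stat= and private keys named =id_*=, and the masks mirror the modes recommended above (no group/other write on the home directory and =authorized_keys=, no group/other access on =~/.ssh= and private keys).

```shell
#!/bin/sh
# Added example. Assumes GNU coreutils stat; function names are hypothetical.
# Usage: audit_ssh_home /home/username "$(id -u username)"

# audit_path PATH UID MASK LABEL
# Prints one line per finding; returns 0 if the path is clean, 1 otherwise.
audit_path() {
    path=$1 owner=$2 mask=$3 label=$4
    [ -e "$path" ] || { echo "MISSING $label: $path"; return 1; }
    mode=$(stat -c '%a' "$path")    # octal mode, e.g. 755
    actual=$(stat -c '%u' "$path")  # numeric owner
    rc=0
    # sshd accepts paths owned by the account itself or by root (UID 0).
    if [ "$actual" != "$owner" ] && [ "$actual" != 0 ]; then
        echo "OWNER $label: $path belongs to UID $actual, expected $owner"
        rc=1
    fi
    # Any permission bit that overlaps the mask is too permissive.
    if [ $(( 0$mode & 0$mask )) -ne 0 ]; then
        echo "MODE $label: $path is $mode, bits in $mask must be clear"
        rc=1
    fi
    return $rc
}

# audit_ssh_home HOME_DIR UID
# Returns the number of paths with findings (0 = nothing to fix).
audit_ssh_home() {
    home=$1 uid=$2 bad=0
    audit_path "$home" "$uid" 022 "home directory" || bad=$((bad + 1))
    audit_path "$home/.ssh" "$uid" 077 ".ssh directory" || bad=$((bad + 1))
    audit_path "$home/.ssh/authorized_keys" "$uid" 022 "authorized_keys" \
        || bad=$((bad + 1))
    # Private keys (assumed to be named id_*, without the .pub suffix).
    for key in "$home"/.ssh/id_*; do
        case $key in *.pub) continue ;; esac
        [ -e "$key" ] || continue
        audit_path "$key" "$uid" 077 "private key" || bad=$((bad + 1))
    done
    return $bad
}
```

Each finding names the path and the offending mode or owner, so it maps directly onto the =chmod= and =chown= commands above.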

* Configuration

** Enable public key authentication

=/etc/ssh/sshd_config= must contain:

#+begin_src conf
# SSH protocol 1 only; deprecated since OpenSSH 7.4 and ignored there
RSAAuthentication yes
PubkeyAuthentication yes
#+end_src

** Wrong =authorized_keys= file specified in =/etc/ssh/sshd_config=

#+begin_src conf
AuthorizedKeysFile /home/username/.ssh/authorized_keys
#+end_src

* Error logs

** Enable more logging

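Edit =/etc/ssh/sshd_config= so that it contains the following. Set this only while troubleshooting: the =sshd_config= man page notes that logging at DEBUG level violates the privacy of users and is not recommended.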

#+begin_src conf
SyslogFacility AUTH
LogLevel DEBUG
#+end_src

** Security logs

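Look at =/var/log/secure= (on Debian and Ubuntu the file is =/var/log/auth.log=). sshd logs =Authentication refused: bad ownership or modes ...= there when the checks from the Permissions and Ownership sections fail. For example: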

#+begin_src shell
grep 'sshd' /var/log/secure | grep 'Authentication refused'
#+end_src

** General logs

#+begin_src shell
# Follow the log while reproducing the connection attempt
tail -f /var/log/messages
#+end_src

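* Fix problem with SELinux

If the files in =.ssh= carry the wrong SELinux context, sshd cannot read them even when modes and ownership are correct. Restore the default contexts, using the =.ssh= directory of the affected user:
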
#+begin_src shell
restorecon -Rv /root/.ssh
#+end_src
